npm just told me I need to update 17 packages to resolve a single security vulnerability. 50MB of downloads and 200 lines of code changes later. I'm still not sure if my app actually works anymore